Apple has announced its 2024 Security Research Device (SRD) Program, inviting iOS security researchers to apply for specialized iPhone 14 Pros designed for vulnerability research. These SRDs come with disabled security features and shell access, allowing researchers to deactivate built-in iOS security safeguards for exploration.
Researchers will have the ability to run custom code, choose entitlements, and even customize the kernel, with discovered vulnerabilities automatically considered for Apple Security Bounty rewards. The SRDs are available as 12-month renewable loans and grant researchers various capabilities, including installing custom kernel caches, running arbitrary code, setting NVRAM variables, and booting custom firmware for Secure Page Table Monitor (SPTM) and Trusted Execution Monitor (TXM).
To foster collaborative research, Apple’s SRD Program encourages applications from security researchers until October 31. Successful applicants will have the opportunity to engage with Apple’s security teams to bolster user protection and qualify for security bounty rewards.
The selection process is primarily based on a track record of security research, encompassing platforms beyond just iPhones. Furthermore, Apple extends the program’s benefits to universities, enabling them to request access for instructional purposes in computer science courses.
All submissions will undergo rigorous evaluation by the end of the year, with notifications sent to chosen participants at the beginning of 2024. To ensure the integrity of the program, Apple emphasizes that iPhones provided through the Security Research Device Program should be used exclusively by authorized individuals within secure research facilities and must not leave the premises.
More details about program eligibility and application can be found on the dedicated Apple Security Research Device Program page.
